On 2024-11-08 00:17, gregor herrmann wrote:
The distinction between Depends, Recommends or Suggests is not a
true/false thing; this is not a question of mathematics or science
but always a judgement call. Adding another category won't solve
anything IMO but only extend the sometimes blurry area.
Clarifying policy may or may not help, in the end there will always
be uncertainties, clarifications, bug reports, and the common effort
to find the best solution for most users.
And, IMO more importantly, there is a question of why this problem needs
solving. What are the underlying pain points people have. If a package
that is pulled in by a Recommends breaks your local configuration (the
example with the terminal emulator getting hijacked), that is indeed a
problem - and that should be fixed regardless. Otherwise it is maybe a
bit wasteful in terms of bandwidth (initial download and updates) and
disk space - but installing yet another package should not otherwise
hurt the user. In general the requirements imposed here are not
outrageous and maybe in the rare cases where they are bug reports might
be useful.
If you are building a derivative and are concerned about recommends
pulling in "random" things: Sure, but arguably you would want to control
your dependencies more strongly anyway - be it for support load, or
other constraints. Having an allowlist of packages that you compare your
package set against that you review for changes might help. And then you
just go and prune what isn't on the list. Or maybe have a metapackage
that conflicts against unwanted software.
For others it might be about more easily surfacing individual feature
sets to the user (like tasksel, but for software groups) where
metapackages might be a bit too messy. But then that's a different ask
from a weak-depends, as well.
Kind regards
Philipp Kern
